Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

G'Quann writes "Starting next year, all communication providers in Germany will have to store all connection data for six months. This includes not only phone calls but also IP addresses and e-mail headers. There had been a lot of protest against the new law, but it was ignored by the government. Quoting: 'The content of the communications is not stored. The bill had been heavily criticized. Privacy [advocates] had organized demonstrations against the bill in all major German cities at the beginning of this week. In October there had already been a large demonstration with thousands of participants in Germany's capital Berlin. All opposition parties voted against the bill. Several members of the opposition and several hundred private protesters announced a constitutional complaint.'"

Before we in the U.S. get to patting ourselves on the back for not being this bad, consider the story [slashdot.org] just two posts down that discusses how this is probably already being done here with no one's knowledge or consent. I say "probably" because no one really knows. No laws passed, no protests staged (hard to protest something you don't even know about), just government silently doing whatever it wants after slapping a "national security" label on it.

It's not right in Germany, and it's not right here. The difference is that at least in Germany, this type of gross invasion of privacy happened on the public record and they can react and do something about it now.

Of course, we in the U.S. can do something about it too, but most people won't get worked up over what government might be doing without it being proven true, and our government is mercilessly exploiting that fact right now by keeping everything secret and implying that anyone who thinks otherwise is some kind of kooky conspiracy theorist (while they spy on them to make sure they don't get too far out of line).

The people who see this coming are a minority. I don't think Germany is special in this way. Governments all over the world are doing this quitely and slowly, so almost nobody will notice the difference or will do anything, because the difference is so small.

Germany just introduced fingerprints in their id cards. Very few people think that this is a bad idea.

I say "probably" because no one really knows. No laws passed, no protests staged (hard to protest something you don't even know about), just government silently doing whatever it wants after slapping a "national security" label on it.

In other words, "groundless speculation."

The Bush administration doesn't have a really good record of keeping such programs under wrap. Why would this be any different?

It was ruled long ago by the American courts, that the information on the envelope of a letter is not subject to privacy expectations and can be examined by the police without a warrant.

Could there be a slight difference in proportionality between "being allowed to examine the information on the envelope of a letter without a warrant" and "requiring the information on the envelope of every single letter to be recorded and kept available for six months"?

Before we in the U.S. get to patting ourselves on the back for not being this bad

It was ruled long ago by the American courts, that the information on the envelope of a letter is not subject to privacy expectations and can be examined by the police without a warrant.

Germany's surveilance of the e-mail headers and connection's IPs is no different — fair game, as long as the contents is not looked at.

It's not right in Germany, and it's not right here.

It's been "right" here and there for decades — possibly, centuries. I can not even find any links quickly, which means, it is certainly a pre-Internet thing...

Yes, but no.Envolope: Address, adressee, sender, return address, location where it was mailed from (Via Postmark)e-mail: Address, adresse, sender, return address, server that it was sent from, a list of every server it's touched since being sent, subject, unique identifier, what software was used, what's being responded to, what type of document is included in the message, possibly spam status flags (Anything Bold is not located on the outside of an envelope)

Sadly, out of all the comments here, he's the only one who got it right.
This is NOTHING like what we're seeing here in the US. There are quite a few important differences:
- This is a public law that has been voted on by the legislature (UNLIKE anything we've seen here).
- They are not saving the actual content, but just the connection data (eg. A talked with B).
- The government is not the one who's saving this data. Individual providers are now required to keep the data for 6 months. That certainly lim

The way this is intended to work is that the traffic captured goes unencrypted. As soon as SMTPS [whoopis.com], IMAPS and possibly POP3S is used all this effort is just a waste of resources because the mail headers will also be encrypted. Same goes for HTTPS.

Of course it's possible to do a man in the middle attack from the government on this, but it will be a waste of effort and unless the traffic is restricted to always going through government approved servers and proxies it will be a wa

Dude, employees coming to congress and saying this is happening is not equivalent to some nut bag who believes in space aliens giving him an anal probe. The evidence is there for the taking, but it is locked up behind national security claims that no one seems to have the balls to break open and shine the light of day on to see if they are valid. So excuse folks who believe that trust but verify is not a bad way of approaching matters with the government. And oh, black helicopters are your side's boogey man

Dude, employees coming to congress and saying this is happening is not equivalent to some nut bag who believes in space aliens giving him an anal probe.

When did I say it was?

I'm referring to things such as the practice of extraordinary rendition, torture by waterboarding, silently monitoring all Internet traffic, etc. Stuff that the administration in charge keeps waving their hand at us and telling us, "There's nothing to worry about."

There's an unprecedented level of government secrecy in the U.S. now, secrecy about stuff that has little or nothing to do with national security. Well, secrecy except when it comes to disclosing the names of CIA personnel who happen to be involved with your political enemies. That's what makes me so nervous, it's secrecy for political reasons, not secrecy for security reasons.

It's kind of ironic that all of this is done in the name of protecting me from terrorists. I'm more afraid of my own government today than I've ever been of terrorists. And frankly, I feel that the government that has spent so much time, money, and effort, breaking laws whenever convenient, to protect me from terrorism has made us more vulnerable than ever.

Being more afraid of government abusing its power against its people than from terrorists who may or may not attack you doesn't mean you support terrorists.

I'm also more afraid of a government using its power to eliminate my freedoms than of terrorists using violence to achive the same goal. Simply because of statistical probability of either happening and the relative likelyness of success.

What can a terrorist do? He can strike a certain target to limited damage. It can be a serious blow like what happened at 9/11, but this hardly affected the whole country directly. What affected the whole country were the actions taken by the government as a response to it.

So yes, I'm more afraid of an abusive government. It has far more effective means on its hands to have a negative effect on my life than any terrorist could have.

The difference is that at least in Germany, this type of gross invasion of privacy happened on the public record and they can react and do something about it now.

Yeah. That's the thing. This is happening everywhere in western "democracies". The problem is... where totalitarian dictatorships went wrong in the past, is that they try and shut people up. That causes trouble. There's really no need to to quieten and remove dissidents. No-one really cares.

People get all het up about changes to Facebook, what's on Reality TV, the price of gas, road traffic enforcement -- but stuff like this, stuff that really matters. Meh, forget it, nobody cares...

Are people already brainwashed? It's really impossible to imagine The American / French / Russian / etc revolution happening now. What happened? Seriously, how did this happen?

We have more food, water, power, etc. than we need and we can get the goods we need (at a price). Now, if we can't get stuff we want at any price and we no longer have water, or power, or food, then that's the stuff that revolutions are made from. In today's political climate, economic realities make a major revolution unlikely in America or Western Europe.

And YES, we have at least a million Americans totally brainwashed and mindf*cked enough that if, for some highly outlandishly unlikely chance, President Bush decides to declare a State of Emergency and suspends elections next year, these people would not terribly mind this inconvenience. They would come to believe that this would be a necessary action and the President Bush would be in the right for doing it. For them, the President cannot be wrong and can do no wrong. I guarantee we will hear a LOT from this group during the next 12 months because they don't like any of the current Republicans and they certainly hate the Clintons with all of their soul.

Most revolutions come in times of despair. When you look at the French and the Russian revolution, both were in the end caused by people having the alternative of either starving to death or overthrowing the government. I'm not so sure about the American revolt. Maybe it was the only one that wasn't caused by utter desperation.Now, the US economy is maybe moving downwards currently, but we're far from the point of starvation and economic desaster. Everyone's fed, everyone's entertained. That's how the Roman

The meta-conspiracy theory says that Governments now encourage conspiracy theories in order to decrease the "signal to noise" ratio outside of official media channels.

The result is that independent media is totally unreliable because every fact is swamped by a million paranoid half-truths and lies. But the official media is also unreliable due to bias. So, (1) people have no reliable source of information, and (2) almost any criticism of the Government can be dismissed as the ravings of a crazy conspiracy theorist.

The problem is... where totalitarian dictatorships went wrong in the past, is that they try and shut people up. That causes trouble. There's really no need to to quieten and remove dissidents. No-one really cares.

Indeed yes. You don't need to "disappear" the dissenters. You just need to make them look like crazy paranoids, and in many cases, they are perfectly capable of doing that for themselves.

I think you already answered your own question: western society has only one solid policy which was pushed over the last 30 years: growth. All our problems will be solved with more growth. Attached to it comes consumerism. Lots of people, especially in large cities, have no interest whatsoever in their neighbors and their community.Whereas people in the past would debate publicly, people now happily go about buying shit to craft their identities (which is what marketing is all about).

The problem is... where totalitarian dictatorships went wrong in the past, is that they try and shut people up. That causes trouble. There's really no need to to quieten and remove dissidents. No-one really cares.

Actually, during the cultural revolution [wikipedia.org] in China this technique was used for a bit. Basically, they let people to openly criticize the government and even encouraged it. The went around and said "See! We are democratic! We let people complain about the government!"

What if you use an exploit that takes only 1 packet, and spoof the IP addresses? If they try and trace the "hacking" back to one of these IPs, do they get into serious trouble since "of course it is you"?

The majority of the Germans right now simply does not know what their goverment does. The percentage of privacy aware people is miniscule and mostly active on the net. Yes, there were demonstrations, and about 10000 people took part, but those 10000 were divided on whole 40 (!) cities, so there in average there were only 200-300 demonstrants per city. Not actually enough to make the public aware of the imminent loss of their privacy rights. TV channels were mostly not present at the demos because nobody fro

>> Maybe somewhere in the Swiss Alps?>As being German: Definitely yes. Island may be an other option to consider>If the current politics remain, Germany is going to be a police and>surveillance state in near future...

Living in Germany you should know better than that.

Don't worry. In two months from now someone will the surveilance will cost money and jobs and eventually eliminate 15% of the positions for human investigators at the federal german BKA, thus costing more jobs. An uproar will shake the nation. Some guy at some obscure bureau of the Interior Ministry will also notice that this law makes their recent pet project, the German Federal Trojan (TM) officialy 65% superfluos. Another big no-no. Some other intellectual will publically notice that all info about all Germans is either available at StudiVZ (Germanys Facebook/MySpace), Amazon.de Marketplace or Ebay Germany anyway - which is allready completely scanned and archived (backups included) by the German IRS - and we know everything worth knowing about everybody allready. 10-15 different factions and public bodies of interest groups will have allready filed 20 complaints to the Federal Constitutional Court and the country will be plaqued by a lengthy debate that will have Secretary of the Interior Schäuble eventually drive his wheelchair off a cliff in frustration. Just before the current coalition of two big parties ends it's legislature there will be a watered down full-compromise version of the law with 8500 exception rules and modifications delivered on 2000+ pages in three big-ass Leitz file-covers, German style. Two months after the federal vote and three months into the new law someone in the EU Gouverment Headquarters will notice that this law breaks somewhere between 23 and 65 terms of union contracts, the British will wine that the Germans are now also attempting to take over the EU lead in surveilance, directly competing the UKs last big resort of excellence. Eventually the then new German gouverment will be bitch-slapped into revising its 10kg online surveilance law into a new draft as not to be fined by Brussels for a kazillion Euros.

Bottom line: No need to worry yet. Even by the most optimistic projections I wouldn't expect this law to gain any tracktion before 2015.

In Germany, they came first for the Communists, And I didn't speak up because I wasn't a Communist;And then they came for the trade unionists, And I didn't speak up because I wasn't a trade unionist;And then they came for the Jews, And I didn't speak up because I wasn't a Jew;And then . . . they came for me . . . And by that time there was no one left to speak up."
- Pastor Martin Niemöller (1892-1984)

On the Internet, they came first for Zimmerman and PGP, and I didn't speak up because nobody could figure out how to integrate it into an email client anyway;
And then they came for the warez d00dz, and I didn't speak up because I wasn't a pirate;
And then they came for Napster, and I didn't speak up because I had.torrents;
And then they came for my traffic, and by that time Request timed out.

Yeah, sure. Whatever. If you're on a P2P network, or even just downloading a linux distro you're probably connected to hundreds of ips which have absolutely nothing with you to do. Good luck on mining that unmanagable mess.

In the early days (first 30 years) of the FBI J. Edgar Hoover made heavy use of his "special investigators" to gather dirt on members of congress, the President, and probably parts of the judiciary. This blackmail material was carefully saved for use to protect both himself and advance his power. He also used this against other such noteable figures as Martin Luther King whom he blackmailed with secretly recorded audio of his marital infidelity. Ironically some people regard this as King's fault not Hoover's. It also set the precedent for branches of the government spying on one-another.

The simple fact of the matter is that once you give someone the ability to spy on you they will use it, for themselves. This story and the one two posts down about the NSA make perfect sense. The best way to keep yourself and your party on top is to have all the information, all the secrets that you can about your opponents. That way anyone who might challenge your power could be cowed by threats to expose their, or their childrens' embarrassing secrets.

Quite some time ago Gonzales announced that the Justice Department would begin extensive investigations into the world of Pornography, legal pornography. He candidly admitted that they were not breaking the law nor did he expect to find that Playboy was in violation of some statute. He only said that he wanted to keep track of 'them'.

Forget finding criminals, the Mafia isn't real. It's all always about power. You think Bin Laden and Mullah Muhammed Omar are dumb enough to be googling "Bomb" no they're using trusted couriers and decentralized structures that don't rely on the use of easily traced e-mails. It's all of us and our elected representatives who are the target here.

He also used this against other such noteable figures as Martin Luther King whom he blackmailed with secretly recorded audio of his marital infidelity. Ironically some people regard this as King's fault not Hoover's.

Well, a point can be made that all leaders are responsible for living a moral life. At least moral by their own standards - they would not be ashamed to admit it - and possibly confirming to society in all the areas which are not related to their agenda. Otherwise their mission gets lost in the

You think Bin Laden and Mullah Muhammed Omar are dumb enough to be googling "Bomb" no they're using trusted couriers and decentralized structures that don't rely on the use of easily traced e-mails.

No, but their couriers may be dumb enough to have done so in the past, or that kid googling today will grow up to be a courier. Analyzing networks of connections, many of them perfectly legal and harmless, has been an effective way to detect cutouts and others insulating high ranking criminals. It will work f

2009... 100Gigabit Ethernet is standardized & sold to carrier backbones. 10G Ethernet becomes cheap & FTTH becomes more affordable. The crappiest computer you can buy now is a quad core with a combined core speed of 10Gigahertz speed.------------2010... Their retort: Use Quantum computing to break your encryption. Buy kilometers of underground bases and install thousands of rows of racks filled with multi-terabyte hard drives to store it all.------------2011... You upgrade your computer with a quantum chip and use unbreakable encryption.----------2012... They are *$(*#ed and you WIN! All Internet is now encrypted and unbreakable and everyone has multi-terabyte hard drives and multi-hundred Megabit or gigabit speeds to home.

2008/8 - Users begin switching from encryption to sending lots of plain text [wikipedia.org].2008/9 - When it becomes a felony to use any encryption that does not have a back door for the NSA (or RIAA... whichever comes first).

I could kind of see that in the US for the NSA... but the NSA isn't going to bust your door down because you downloaded a copyrighted album of Metalica. Allowing the RIAA to have access to all encryped backdoor traffic would never fly. 3 Examples:1) For instance, a friend of mine uses encrypted VPNs to access his work's computer from home. He works for a stock market fund managing company... it would seriously impact their business if their employees could not VPN in from home.

2011... You upgrade your computer with a quantum chip and use unbreakable encryption.
----------
2012... They are *$(*#ed and you WIN! All Internet is now encrypted and unbreakable and everyone has multi-terabyte hard drives and multi-hundred Megabit or gigabit speeds to home.

Nothing is unbreakable. If a human created it, it has weakness. This may sound fatalistic, but it's the sad reality. It's an arms race for sure, and winning may involve keeping something secret for a determined finite amount of time, but in the end if there's a trace left, it can be solved.

2008: Everyone starts using encryption and TOR. Everyone? No, just those that care about the whole surveillance (about 0.01% of the online population).

2009: A new law comes out that everyone in Germany who runs servers has to keep logs. This includes TOR operators, of course. Encryption for private use is outlawed, an exception is provided for online banking and corporation communication.

So. Like. They have a law? That admits what they expect? And defines what they're allowed to do? And there's a limit to what they can do? And it can help identify evildoers? But after 6 months, the data goes away?
And we're thinking that's scary? Sounds like goddamned paradise to me. Here, they just drag you off and you disappear and *no carrier*

They see the United States slowing turning to a Nazi-like state and they're determined to defend their intellectual property by returning to Nazism first.

Why is it so hard for some otherwise reasonable people to understand that in a society where everything and everyone is tracable, sooner or later those in power can spank down a few annoying people and everyone will get the idea that if they speak out, they could be next?

Just to be clear on one point: the IP address tracking mentioned in articles on this subject is the IP address allocated by your ISP, not the IP addresses you connect to. Which is bad enough, and on the basis of existing laws there was a ruling that ISPs aren't allowed to retain your IP connection history for privacy reasons.

Personally I've alway assumed IP addresses are inherently traceable, so in a practical sense this doesn't make any difference to me (except that no doubt I'll end up paying for the extra costs incurred by my ISP). It's the other stuff I find more worrying - and completely asinine at the same time, because anyone with anything to hide (including teh terrorists) will know how to work round them anyway.

Good, I just posted in the related firehose story how logging every connection from each user would likely cause a huge data-storage issue - ISPs that do Netflow accounting (such as the one I work for) only keep the data long enough to do realtime traffic analysis and still have to store it on big disks if they want to hold onto it for a day, much less six months.

Just want to point out that a logging like that just started in Denmark this September. Source and destinaton IP, port. each 500th packet. email sender and reciever etc. It is required for each service provider to log this for at least 6 months I believe. Of course there are a lot of loopholes where they don't need to look lige small apartment nets etc.

I was pondering the same. Are they remotely aware what amount of data will be created that way? Even if they only want to log who talks with whom (that's the plan here at least), it means logging every single sync sent from you. Me. And everyone else using that ISP.

The amount of data alone is stunning. The overhead to store this flood of information for 6 months costs millions.

This law is necessary for all countries which are members of the European Union to implement, because it is a EU directive.Germany are not the only country in EU that will pass this law. Every country in the union are obliged to have their telephone companies and ISPs keep the information for at least six years (I think Sweden are going to recuire the companies to keep the data for at least a year, but I have not followed the debate for the last months).

It is important to point out, however, that it's only the metadata that will be saved. You can see that a person have contacted another person, and probably even where this was (if it's a mobile phone), but you can't see what they have been talking about.

Oh please, don't try to brush it of on the big, bad EU that interferes with your national legislation. It's not like the German representatives there voted against this bullcrap.

Too often our politicians use the EU as a petty excuse to push unpopular laws. "We can't help it, the EU makes us" has far too often been the excuse. I don't buy it anymore. If they really don't want to implement it, they should vote against it in the EU Parlament or shut the f. up.

let me explain to you how it works:some german ministers want to introduce some new crap law to become a police state.then they see that this law could be rendered as unconstitutional (or they just try to implement it and fail).they go to eu and spin-doctor that crap there so it goes back to germany as an eu directive and the ministers can say they could do nothing about it.

One that just goes and creates random SYN packets, sending them to random IP addresses and ports and watching the logs go berserk in the process.

With enough people participating, one could even create a network of some sort, where successful syncs are shared and repeated by others, so actual commections (and thus log entries) are created at an elevated rate.

As my statistics prof always preached, the only thing that's worse than having too little data is to have poisoned data.

Truly. The real thesis of 1984 is not the constant supervision of the people, but the twisting of thought by language. The concept of Newspeak is quite interesting because it erodes people's perceptions of something that is intrinsically bad, but twists it to seem, if not completely opposite, but neutral to the communication at hand.

The constant vigilance of Big Brother was only to ensure that those who even hinted at seeing past Newspeak and the overall deception were properly dealt with.

You can see a present day example of Newspeak in the redefinition of words such as "liberal". In this topic, there is at least one example of someone using the new definition [slashdot.org]. It's quite amazing (1) how that word has been redefined to mean something bad, and (2) how many people have bought into the redefinition by using it. That's the power of television, I guess.

Truly. The real thesis of 1984 is not the constant supervision of the people, but the twisting of thought by language. The concept of Newspeak is quite interesting because it erodes people's perceptions of something that is intrinsically bad, but twists it to seem, if not completely opposite, but neutral to the communication at hand.

The constant vigilance of Big Brother was only to ensure that those who even hinted at seeing past Newspeak and the overall deception were properly dealt with.

Sadly, we're already beginning to see this with English, but they're being far more subtle about it than were the engsoc's in 1984.they're not trying to create a separate language, rather they're just starting to use existing words differently.

as an example: A bumper Sticker I saw the other day "My son is an Iraq Freedom Fighter" with a US Army Logo. "Freedom fighter" is what is sometimes used by the "Insurgants" as they are fighting to free their country from the ocupying force.

The Netherlands ain't far behind. As it was already pointed out somewhere earlier, it's an EU directive that has to be implemented in all EU member countries. Germany is just being Germany by being the overachiver.